
structure and the security mechanisms used to govern application access. In order to pass the CISSP exam, you'll need to know about software architecture, programming concepts, data interfaces and more. This section of The CISSP Study Guide offers resources and expert advice on enterprise application security best practices. After reviewing these resources, test your knowledge of enterprise application security by referring to our enterprise application security quiz, written by CISSP All-in-one Exam Guide author Shon Harris.

Spotlight article: Domain 6, Application and System Development

Applications and systems are the technologies closest to the data enterprise security teams try to protect. This CISSP Application and System Development Domain 6 article details how applications and systems are structured, what security mechanisms and strategies are commonly used to secure data during access, processing and storage, and also touches on some of the most common enterprise application security threats and countermeasures.

Database application security: Balancing encryption, access control

Database applications are often the epicenter of a company's most sensitive data, so database application security is essential, but maintaining a balance between security and business use can be tricky.

In this tip, Andreas Antonopoulos discusses encryption strategies for database applications and offers some best practices for database application security, most notably how to protect sensitive data and establish a balance between strong encryption and appropriate access control.

In this tip, security expert Joel Dubin explains why the PCI DSS Section 6 requirements are important and offers advice on how an enterprise can comply with the mandate.

SANS Top 25 Programming Errors list: Enterprise application security best practices

Project managers and developers need to ensure application code doesn't include any errors, and code reviewers need to pay particular attention to dangerous and emerging application vulnerabilities. The CWE/SANS Top 25 Most Dangerous Programming Errors list, which is published every year, can be a great tool for anyone involved in developing computer software.

In this tip, learn how the SANS Top 25 Programming Errors list can provide a great application security best practices checklist outlining the most likely areas where coding errors result in a potential application vulnerability.

This tip explains what to do when an enterprise has a huge portfolio of potentially insecure applications and limited resources with which to assess them. It also reviews the enterprise application security assessment process by outlining the techniques used to review applications and comparing and contrasting strategic paradigms for application assessments.

Targeted source code reviews reduce software security vulnerabilities

Software flaws have been the route that hackers have followed to achieve many expensive online thefts, including the SQL injection attacks that led to the highly publicized credit card breaches at Heartland Payment Systems Inc.

In this tip, you will learn how targeted source code reviews can reduce software vulnerabilities and how VARs and resellers currently offering software products such as static and dynamic software scan tools can further assist their clients by providing source code review services.

Balancing security and performance: Protecting layer 7 on the network

According to a recent SearchSecurity.com survey of nearly 900 IT professionals, 80% of networking and security pros are concerned about application-layer threats.

About the author

Shon Harris, CISSP, MCSE, is the president of Logical Security, an IT security consulting and training company. She is a former engineer in the Air Force's Information Warfare unit, an instructor and the best-selling author of the previous three editions of this book. Shon has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the Department of Energy, the National Security Agency and many more.
